FKIE_CVE-2020-36915

Vulnerability from fkie_nvd - Published: 2026-01-06 16:15 - Updated: 2026-06-17 03:16
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
References
disclosure@vulncheck.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/190628
disclosure@vulncheck.comhttps://packetstorm.news/files/id/159709
disclosure@vulncheck.comhttps://www.adtecdigital.com
disclosure@vulncheck.comhttps://www.exploit-db.com/exploits/48954
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials
disclosure@vulncheck.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.exploit-db.com/exploits/48954
Impacted products
Vendor Product Version
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "SignEdje Digital Signage Player",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.08.28"
            }
          ]
        },
        {
          "product": "mediaHUB HD-Pro High \u0026 Standard Definition MPEG2 Encoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "3.07.19"
            }
          ]
        },
        {
          "product": "afiniti Multi-Carrier Platform",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "1905_11"
            }
          ]
        },
        {
          "product": "EN-31 Dual Channel DSNG Encoder / Modulator",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.01.15"
            }
          ]
        },
        {
          "product": "EN-210 Multi-CODEC 10-bit Encoder / Modulator",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "3.00.29"
            }
          ]
        },
        {
          "product": "EN-200 1080p AVC Low Latency Encoder / Modulator",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "3.00.29"
            }
          ]
        },
        {
          "product": "ED-71 10-bit / 1080p Integrated Receiver Decoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.02.24"
            }
          ]
        },
        {
          "product": "edje-5110 Standard Definition MPEG2 Encoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "1.02.05"
            }
          ]
        },
        {
          "product": "edje-4111 HD Digital Media Player",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.07.09"
            }
          ]
        },
        {
          "product": "Soloist HD-Pro Broadcast Decoder",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.07.09"
            }
          ]
        },
        {
          "product": "adManage Traffic \u0026 Media Management Application",
          "vendor": "Adtecdigital",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.4"
            }
          ]
        }
      ],
      "source": "disclosure@vulncheck.com"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions."
    },
    {
      "lang": "es",
      "value": "Adtec Digital SignEdje Digital Signage Player v2.08.28 contiene m\u00faltiples credenciales predeterminadas codificadas que permiten acceso remoto no autenticado a las interfaces web, telnet y SSH. Los atacantes pueden explotar estas credenciales para obtener acceso a nivel de root y ejecutar comandos del sistema en m\u00faltiples versiones de productos de Adtec Digital."
    }
  ],
  "id": "CVE-2020-36915",
  "lastModified": "2026-06-17T03:16:29.727",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2020-36915",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-01-06T19:42:21.293291Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-01-06T16:15:47.550",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190628"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://packetstorm.news/files/id/159709"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.adtecdigital.com"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.exploit-db.com/exploits/48954"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.vulncheck.com/advisories/adtec-digital-signedje-digital-signage-player-default-credentials"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.exploit-db.com/exploits/48954"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        },
        {
          "lang": "en",
          "value": "CWE-1392"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.